
[Phpgroupware-tracker] [Bug #3412] insecure creation of temporary file


From: nobody
Subject: [Phpgroupware-tracker] [Bug #3412] insecure creation of temporary file
Date: Wed, 30 Apr 2003 17:59:19 -0400

=================== BUG #3412: FULL BUG SNAPSHOT ===================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3412&group_id=509

Submitted by: nb                      Project: phpGroupWare                 
Submitted on: Wed 04/30/2003 at 23:59
Category:  developer_tools            Bug Group:  devel cvs                 
Severity:  5 - Major                  Priority:  Low                        
Resolution:  None                     Assigned to:  None                    
Status:  Open                         Component Version:  CVS               
Platform Version:  None               Reproducibility:  Every Time          

Summary:  insecure creation of temporary file

Original Submission:  I had a quick look at the module developer_tools and 
noticed the following bug:

file: perl/lang_extract.pl
line 47 says: srand(100000);
This is very bad; it uses the same random seed every time the script is run.

That makes the value of int(rand(100000)) in line 58 trivial to predict (it's 
always the same).   Anyone who has write access in $tmpdir can put a symbolic 
link there and cause overwriting of a file.

Replacing line 47 with srand(); is only a little better, as srand(time) is 
still very predictable.  Go to CPAN and grab code for creating a temp file 
securely, or rewrite things to avoid needing to use a temporary file.



No Followups Have Been Posted


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3412&group_id=509
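
The following is an added example, not part of the bug report or of phpGroupWare's code. It shows why the fixed seed makes the name predictable, and two ways to create the file so that a pre-planted symbolic link is refused. The file name pattern and helper names are hypothetical, and a POSIX system is assumed.

```perl
#!/usr/bin/perl
# Added example: names and paths are hypothetical, not taken from lang_extract.pl.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# The pattern the report describes: a fixed seed yields the same "random"
# suffix on every run, so the temporary path is known in advance.
sub predictable_suffix {
    srand(100000);
    return int(rand(100000));
}

# O_CREAT|O_EXCL fails if anything, including a symlink, already exists
# at $path, so the write can never be redirected to another file.
sub create_exclusive {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return;
    return $fh;
}

# Constructed scenario, confined to a private scratch directory.
my $tmpdir = tempdir(CLEANUP => 1);
my $victim = "$tmpdir/victim.txt";
open(my $v, '>', $victim) or die "setup: $!";
print {$v} "important data\n";
close($v);

# Two calls stand in for two separate runs of the script.
my ($s1, $s2) = (predictable_suffix(), predictable_suffix());
print "suffix run 1: $s1, run 2: $s2\n";

# A link already sitting at the predictable path (hypothetical name pattern).
my $path = "$tmpdir/lang_extract.$s1";
symlink($victim, $path) or die "symlink: $!";

my $fh = create_exclusive($path);
print "exclusive create on existing link: ",
    ($fh ? "opened" : "refused ($!)"), "\n";

# File::Temp chooses an unpredictable name and opens it with O_EXCL itself.
my ($tfh, $tname) = tempfile('lang_extract_XXXXXXXX', DIR => $tmpdir, UNLINK => 1);
print {$tfh} "extracted strings\n";
close($tfh);
print "File::Temp created $tname; victim is still ", (-s $victim), " bytes\n";
```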



